{"href": "https://www.seebug.org/vuldb/ssvid-75198", "cvelist": ["CVE-2002-0079"], "title": "Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (4)", "modified": "2014-07-01T00:00:00", "hash": "6bb703503fe1f54ef3cceb5906a58c714192d64ac430afc9916cdb75d1e87b2c", "objectVersion": "1.0", "id": "SSV-75198", "edition": 1, "references": [], "bulletinFamily": "exploit", "type": "seebug", "reporter": "Root", "history": [], "lastseen": "2016-07-29T21:51:22", "published": "2014-07-01T00:00:00", "description": "Summary: \n \nMicrosoft IIS(Internet Information Server)is a MS Windows System The default that comes with the Web server software.< br/>IIS 4.0/5.0 ASP (Active Server Pages) ISAPI filter there is a remote buffer overflow vulnerability, remote attacker could exploit this vulnerability to obtain the host local ordinary user access permissions.< br/>The default installation of IIS 4.0/5.0 server to load the ASP ISAPI filter, it is in the processing sub-block coded transmission(chunked encoding transfer)mechanism in the code there is a buffer overflow vulnerability. An attacker submitted a malicious chunked encoded data can overwrite the heap area of the memory data, so as to he specified to rewrite the data of any address of the 4 bytes of memory. For example, an attacker can make dllhost. exe rewrite it can access any of the 4 bytes of memory, including a program function pointer, exception handling module a pointer or any other can be used to control program execution flow of the address, thus changing the program execution flow, the execution of arbitrary attacker-specified code.< br/>If the attacker uses random data, you may enable the IIS service to crash(IIS 5.0 will automatically restart) it. If carefully constructed to send the data, it may allow an attacker to execute arbitrary code.< br/>successfully exploited this vulnerability for IIS 4.0 remote attackers can obtain SYSTEM privileges; for IIS 5. 0 the attacker can obtain the IWAM_computername user's permissions.< br/>\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "enchantments": {"vulnersScore": 3.7}}